At Asgard Security we are passionate about transforming security programs for SMBs and large organizations through services that foster strong connections between all aspects of the business. We specialize in Cloud, Application, and Blockchain security workloads through security transformation and vCISO capabilities

I am the host and creator of the Relating to DevSecOps podcast which is a short bi-weekly to monthly discussion on topics that bring the Development, Product Engineering, Operations, Infrastructure and Security points of view together into a room to talk about real world problems with people that are facing them on the ground.

• Led and managed a team of up to 12 remotely distributed engineers and third-party contractors, delivering application and blockchain security services across the SDLC.• Created and introduced services for these business verticals, resulting in a 7x growth across the advisory team.• Designed and conducted application and infrastructure threat modeling and risk analysis, which contributed to 10-15% additional revenue in each deal.• Increased billable hours by 10% by harnessing stronger relationships through unique offerings to the client team which increased successful adoption of models and methods for every client opportunity.• Implemented DevSecOps and security automation, establishing Kudelski as a trusted partner in transforming secure software development programs for enterprise customers in gaming, fintech, telcom, and retail.• Achieved record-setting sales by increasing the average deal size by 10-25% year-over-year through the development of embedded and long-cycle blockchain services.• Aligned strong application security programs with organizational goals driven by information security governance demands.

As a member of the Application Security Services team I worked with large enterprise clients to establish, maintain, and modernize application security programs at scale. I focused on operationalizing security culture and establishing real-world methods at large enterprise clients and fortune 500 companies through techniques such as security automation, threat modeling, secure cloud migration, and application security governance.Key Skills:- Application Source Code Review- Application Penetration Testing and Dynamic Assessments- Cloud Security Posture Analysis- Security Automation and Secure CI/CD Implementation- Kubernetes and Openshift Security in Private and Public Cloud- Security Tooling and Integration into SDLCs (SAST, DAST, SIEM, Logging/Monitoring, Automation)- Security Program Management- Bug Bounty Program Deployment- Client Management and Services Program Development- Application Security Training and Presentation- Application Threat Modeling

While serving as Head of Security at OnDeck I developed a resilient and continuously improving security program based on sound risk assessment and threat modeling. I leveraged my technical background to prepare a data driven security strategy that aligned with the needs and goals of the business. I oversaw a team of security professionals across multiple disciplines including application and information security, compliance and technology risk, and incident response. I worked diligently to steer the security posture of the organization in a positive direction while striving to introduce a minimal amount of functional impact to core components of the business.

I lead a comprehensive application security program that leverages the strategic placement of tools, vendors, and personnel resources. My role included conducting in-depth technical assessments of OnDeck applications, managing the automated dynamic and static security scanning tools, designing effective processes between security and development, conducting threat models and architecture reviews for new and existing applications, providing guidance for team members, conducting security training for employees, and working across departments and other security disciplines to ensure that the security program as a whole is robust and complete.

I worked to maintain and improve the application security landscape at OnDeck through continued development of a Secure SDLC, conducting internal application assessments and penetration tests, leading company wide application security initiatives, conducting developer training, and auditing internal security controls.

During my time at nVisium, I assisted with the application security requirements of nVisium's clients by conducting application analyses using a manual approach with limited use of automated tools. These assessments included black box penetration testing, manual code review, best practice recommendations and training. Additionally, I was heavily involved in developing secure software development lifecycle programs specific to client organizations and their development infrastructure.

During my time as an independent consultant with Citrix, I served as part of the Security Operations team assisting in the ramp up of new security initiatives company wide. I was required to conduct vendor analysis and review, implement technical controls across the operations infrastructure, and document the process and procedure for future operators. Additionally, I assisted with the training of peers in network penetration testing and review ensuring security of the network environment and operations infrastructure

I managed key components in a swiftly forming security team, filling roles in IT Security and Security Operations. I worked closely with cross-departmental teams to ensure efficient and complete roll-outs and served as a primary point of contact for the Network Security team. This role included forensic investigation, log review, and network traffic analysis. I also lead the charge on rolling out company wide disk encryption and anti-virus. This task included training IT and HelpDesk teams on best security practices and low level troubleshooting and security analysis.

During my time as Technical Lead, I worked closely with IT management to develop long term solutions for immediate needs in a swiftly growing startup and worked to provide an adequate bridge between business and technical support operations. These projects included the evaluation of vendor solutions, designing an implementation strategy, implementing the solution, and determining a long term maintenance schedule and strategy, where Desktop support would be involved

My role was to develop and implement communications and marketing programs as a means to maintain a low attrition rate and generate revenue from the existing client base. I worked closely with the marketing, sales and management teams to meet company goals through existing processes and also through the ongoing development of new programs. As the product manager for a suite of hosted software applications, it was also my role to build processes and run beta and product improvement programs as a means to enhance and effectively market a range of products.